XSS in IceWarp Webmail 18.104.22.168 – CVE-2017-7855
In my latest post, I am going to run through my process of identifying XSS in IceWarp Webmail 22.214.171.124 during a penetration assessment.
It was a chilly Nebraska February, temperatures were slightly below average for this time of year but nothing a hot cup of cocoa couldn’t handle. I was performing, up to this point, a rather standard penetration assessment with findings that didn’t inspire much excitement. Until lo and behold, I saw successful Cross-Site Scripting in a webmail application that previous to this assessment was not a known vendor.
REFERENCE LINKS: https://www.icewarp.com/